b' DEPARTMENT OF HOMELAND SECURITY\n    Office of Inspector General\n\n\n\n    ADVISE Could Support Intelligence\n       Analysis More Effectively\n\n\n\n\nOIG-07-56                        June 2007\n\x0c\x0cTable of Contents/Abbreviations\n\nExecutive Summary ...............................................................................................................................3\n\nBackground ............................................................................................................................................4\n\nResults of Audit .....................................................................................................................................8\n\n    R&D Planning Approach Does Not Effectively Support ADVISE..................................................8\n\n    System Has Not Been Effectively Implemented to Meet Mission Requirements ............................9\n\n    DHS Components Have Not Committed to ADVISE ....................................................................17\n\nRecommendations................................................................................................................................21\n\nManagement Comments and OIG Evaluation .....................................................................................22\n\nAppendices\nAppendix A:          Scope and Methodology\nAppendix B:          Management Comments to the Draft Report\nAppendix C:          Major Contributors to this Report\nAppendix D:          Report Distribution\n\nAbbreviations\n\nAll-WME               All Weapons of Mass Effect\nADVISE                Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement\nDHS                   Department of Homeland Security\nGAO                   Government Accountability Office\nIPT                   Integrated Product Team\nIT                    Information Technology\nOI&A                  Office of Intelligence and Analysis\nOIG                   Office of Inspector General\nOMB                   Office of Management and Budget\nPIA                   Privacy Impact Assessment\nPTA                   Privacy Threshold Analysis\nR&D                   Research and Development\nS&T                   Science and Technology Directorate\nTVIS                  Threat-Vulnerability Integration System\n\n\n\n\n                                      ADVISE Could Support Intelligence Analysis More Effectively\n\x0c\x0cTable of Contents/Abbreviations\n\nFigures\nFigure 1   ADVISE Connects and Visualizes Data to Support Intelligence Analysis ...................4\n\nFigure 2   ADVISE Pilot Implementations ....................................................................................6\n\nFigure 3   ADVISE Funding Summary ..........................................................................................7\n\nFigure 4   Key Areas Not Addressed During ADVISE Effort .....................................................10\n\nFigure 5   ADVISE Implementations and Privacy Assessments..................................................12\n\nFigure 6   Key ADVISE System Operational and Privacy Dates ................................................12\n\nFigure 7   TVIS Deployment Challenges at OI&A ......................................................................14\n\nFigure 8   ADVISE Customer Buy-in ..........................................................................................21\n\n\n\n\n                        ADVISE Could Support Intelligence Analysis More Effectively\n\x0c\x0cOIG\nDepartment of Homeland Security\nOffice of Inspector General\n\nExecutive Summary\n                The Homeland Security Act of 2002 requires DHS to create and use data\n                mining tools to access, receive, and analyze law enforcement and intelligence\n                information for the purpose of identifying potential terrorist threats within the\n                United States. As of August 2006, there were 12 major data mining efforts in\n                existence within DHS. One such effort is the Analysis, Dissemination,\n                Visualization, Insight, and Semantic Enhancement (ADVISE) program,\n                developed by the Directorate of Science and Technology (S&T) to support\n                DHS\xe2\x80\x99 strategic goals of terrorism awareness and prevention.\n\n                As directed by the Conference Report (House Report No. 109-699) on H.R.\n                5441, Department of Homeland Security Appropriations Act of 2007, we\n                audited the ADVISE program. Our audit objectives were to determine the\n                effectiveness of (1) strategies, policies, and procedures for conducting data\n                mining to produce actionable intelligence on terrorists; (2) systems and\n                activities using data mining techniques; and (3) communication and\n                coordination with information security partners and the public to help prepare\n                for and counter the potential threats identified. The scope and methodology of\n                this review are discussed in Appendix A.\n\n                The ADVISE program is at risk, due to a number of factors. Specifically,\n                S&T program managers did not develop a formal business case for the\n                research and development project, in part because they were unaware of\n                requirements to do so. In addition, program managers did not address privacy\n                impacts before implementing three pilot initiatives to support ADVISE.\n                Further, due to inadequate data access and system usability, Office of\n                Intelligence and Analysis (OI&A) analysts did not use the ADVISE pilot.\n                Finally, because S&T did not effectively communicate and coordinate with\n                DHS leadership about the benefits of ADVISE, departmental components\n                have been unwilling to adopt ADVISE to support their intelligence analysis\n                operations. As a result of privacy concerns, DHS has discontinued the three\n                ADVISE pilots. Further, due to a lack of stakeholder commitment, program\n                managers have stated that continuation of the ADVISE program is in question\n                if an owner cannot be found to pay for future system operations and\n                maintenance costs.\n\n\n\n                   ADVISE Could Support Intelligence Analysis More Effectively\n\n                                             Page 3\n\x0cBackground\n             S&T is the department\xe2\x80\x99s primary research and development arm, responsible\n             for providing federal, state, and local officials with the technology and\n             capabilities needed to protect the homeland. S&T fulfills this mission through\n             its strategic objectives of, among other things, developing and deploying state-\n             of-the-art, high performance systems to prevent, detect, and mitigate the\n             consequences of chemical, biological, radiological, nuclear, and explosive\n             attacks.\n\n             S&T developed ADVISE as a key technology to carry out its strategic goals.\n             ADVISE is a collection of software, hardware, and operational standards that\n             can be adapted and tailored to meet the specific needs of the user organization.\n             ADVISE provides the ability to search, integrate, and gain rapid insights from\n             large quantities of information across disparate databases, a process that\n             would otherwise be overwhelming to intelligence analysts. ADVISE\n             identifies connections among people, organizations, and events, and produces\n             visual representations of these patterns, as shown in Figure 1.\n\n\n\n                                 ADVISE Visually Depicts Information to Support Analysis\n\n\n                      Dick             Attended        Meeting             Attended         Jane\n\n\n\n\n                                 ADVISE Connects Information Across Multiple Databases\n\n\n\n                       Data                                Data                              Data\n                     Source #1                           Source #2                         Source #3\n\n\n\n\n             Figure 1: ADVISE Connects and Visualizes Data to Support Intelligence Analysis\n\n             ADVISE is intended to benefit intelligence analysts by:\n\n             \xe2\x80\xa2   Revealing information or related topics that would otherwise go\n                 unnoticed;\n             \xe2\x80\xa2   Enabling comprehensive analysis capabilities in one place; and\n                 ADVISE Could Support Intelligence Analysis More Effectively\n\n                                              Page 4\n\x0c                          \xe2\x80\xa2   Providing a watch and warning capability to notify analysts when a certain\n                              pattern is detected.\n\n                          DHS is to use the analysis made possible through ADVISE to help detect,\n                          deter, and mitigate threats to our homeland and disseminate timely\n                          information to its homeland security partners and the American public.\n\n                          ADVISE development began in early 2003 following discussions between\n                          S&T officials and personnel at the Department of Energy\xe2\x80\x99s national\n                          laboratories, including Lawrence Livermore National Laboratory (Livermore)\n                          and Pacific Northwest National Laboratory (Pacific Northwest), about\n                          developing a data mining and visualization technology for DHS intelligence\n                          analysts. 1 These laboratories had prior knowledge and experience in\n                          developing such technologies for another federal intelligence agency. S&T\n                          provided funding for the laboratories to develop ADVISE, building on this\n                          prior work.\n\n                          In 2004, S&T expanded the ADVISE concept to provide a general framework\n                          for supporting the analytical activities of multiple DHS organizations. By\n                          2005, S&T had used the ADVISE framework to implement the following\n                          three pilot programs:\n\n                          \xe2\x80\xa2   The Biodefense Knowledge Management System, developed to explore\n                              linkages among biodefense data and assessment to produce actionable,\n                              scientifically rigorous information for anticipating, preventing, and\n                              responding to biological threats. With funding by S&T, the Biodefense\n                              Knowledge Center at Livermore uses this pilot system to help integrate\n                              biodefense information and anticipate and respond to bioterrorist attacks.\n\n                          \xe2\x80\xa2   All Weapons of Mass Effect (All-WME), which uses ADVISE to\n                              determine the capabilities of foreign and domestic terrorist groups to\n                              develop and deploy weapons of mass effect. The All-WME program is\n                              also an S&T-funded initiative at Livermore.\n\n                          \xe2\x80\xa2   The Threat-Vulnerability Integration System (TVIS), which combines and\n                              fuses data in unique ways to create and share knowledge of potential\n                              terrorist threats. S&T implemented the ADVISE pilot at OI&A, the\n                              primary pilot system for demonstrating ADVISE capabilities. The system\n                              is to support the office\xe2\x80\x99s mission of providing homeland security\n                              intelligence to the DHS Secretary and other federal, state, local, and\n                              private sector partners.\n\n\n\n1\n The Homeland Security Act of 2002 gives DHS the authority to use the Department of Energy\xe2\x80\x99s national laboratories to\nsupport homeland security activities.\n                              ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                        Page 5\n\x0c                           The pilots used live data, including personally identifiable information, from\n                           multiple sources in attempts to identify potential terrorist activity. Figure 2\n                           provides a timeline for the three ADVISE initiatives, which became\n                           operational in late 2004 to early 2005.\n\n\n                                                   ADVISE Pilot Implementations\n\n                                            2004             2005                2006           2007\n\n\n                                     System\n                                     Operational       Biodefense Knowledge Management System\n                                     Timeline:\n\n                                                                       All-WME\n\n\n                                                                         TVIS\n\n\n\n\n                           Figure 2: ADVISE Pilot Implementations\n\n                           The ADVISE pilot initiatives use a data mining approach to glean insights\n                           from large amounts of data across various sources. Data mining is the process\n                           of knowledge discovery and predictive modeling and analytics, traditionally\n                           involving the identification of patterns and relationships from databases. 2\n                           Data mining has been used successfully for a number of years in the private\n                           and public sectors for a broad range of applications. For example, in\n                           commercial industry these applications include customer relationship\n                           management, market research, retail and supply chain analysis, medical\n                           analysis and diagnostics, financial analysis, and fraud detection. In\n                           government, data mining is increasingly used to help detect terrorist threats\n                           through the collection and analysis of both public and private sector data.\n                           Although data mining does not replace the expertise that an analyst provides,\n                           it automates and facilitates some of the laborious tasks that an analyst\n                           performs.\n\n                           Due to the ease with which automated systems can be used to gather and\n                           analyze large amounts of previously isolated data, a number of concerns about\n                           potential misuse of personally identifiable information have been raised. Prior\n                           federal data mining efforts faced challenges in balancing the benefits and risks\n                           of this activity. For example, the Total Information Awareness program, a\n                           Department of Defense research and development data mining program to\n                           defend against the threat of terrorism, faced considerable negative publicity\n                           and was ultimately shut down by the Congress due to privacy concerns.\n\n\n2\n    Survey of DHS Data Mining Activities, OIG-06-56, August 2006.\n                               ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                         Page 6\n\x0c                        Given these data mining challenges, in 2006, the Congress directed the\n                        Government Accountability Office (GAO) to review the ADVISE program to\n                        determine the system\xe2\x80\x99s capabilities, uses, and associated benefits. The\n                        Congress wanted to know whether potential privacy issues could arise from\n                        using the tool and how DHS has addressed such issues. Based on its review,\n                        GAO reported that prior to implementing the system DHS needed to ensure\n                        that privacy protections were in place. 3 As such, GAO recommended that\n                        DHS immediately conduct a privacy impact assessment (PIA) of the ADVISE\n                        tool and implement privacy controls, as needed, to mitigate any identified\n                        risks. Based on the system\xe2\x80\x99s cost and potential privacy impact, the Congress\n                        directed our office to review the ADVISE program, as well. 4\n\n                        Figure 3 charts the ADVISE budget through fiscal year 2007, showing a total\n                        program budget of about $42 million. S&T has used these funds for\n                        development of the ADVISE framework and deployment of the pilot systems,\n                        since the program was based on prior research at the national laboratories.\n                        S&T plans to transition funding for ADVISE operations and maintenance to\n                        system customers in subsequent years. Hence, funding for FY 2008 is\n                        limited, subject to appropriations. Funding for FY 2009 and beyond has not\n                        yet been determined.\n\n                                                 ADVISE FUNDING SUMMARY\n                         Funding ($ K)              FY 2003 FY 2004 FY 2005 FY 2006 FY 2007               Total\n\n                         Research                                             200            60\n                         Development                   3,100      8,300     7,000         4,190   1,000\n                         Pilot Deployments             1,900      3,200     7,300         4,250\n                         Operational Prototype                                                     1,500\n                                           Total:      5,000    11,500    14,500      8,500       2,500 42,000\n\n                        Figure 3: ADVISE Funding Summary\n\n\n\n\n3\n  Data Mining: Early Attention to Privacy in Developing a Key DHS Program Could Reduce Risks, GAO-07-293,\nFebruary 2007.\n4\n  H. Rep. No. 109-699 (on DHS Appropriations for FY 2007, P.L. 109-295).\n                            ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                      Page 7\n\x0cResults of Audit\nR&D Planning Approach Does Not Effectively Support ADVISE\n                  S&T planning and management activities for ADVISE have been insufficient\n                  to support effective implementation of the program. Specifically, S&T\n                  program managers were unaware of standards and requirements for research\n                  and development projects and did not develop a formal business case for the\n                  program. Program managers also did not address privacy impacts before\n                  implementing three pilot initiatives to support ADVISE. DHS has\n                  discontinued its three ADVISE pilot programs, pending completion of such\n                  privacy assessments.\n\nProgram Management Unaware of Guidelines for Conducting R&D Projects\n\n                  As with systems acquisitions, research and development (R&D) program\n                  managers can benefit from clear guidance and procedures on planning,\n                  justifying, and deciding from among competing technology solutions.\n                  However, according to ADVISE program managers, they were unaware of\n                  requirements for accomplishing R&D projects and ultimately transitioning the\n                  information technology (IT) solution to potential customers.\n\n                  S&T began ADVISE research efforts in 2003, just after the creation of DHS.\n                  At that time, major department organizations, including S&T, were still in a\n                  formative stage and had not clearly adopted or communicated the standards\n                  for conducting critical program management functions. For example, S&T\n                  program managers stated that because the directorate had no structured R&D\n                  process in place, they relied instead on their own knowledge and personal\n                  experience to determine what program management activities needed to be\n                  performed. They focused their efforts on technical capabilities and IT\n                  engineering and had no standard list of activities to consult to ensure that\n                  important management steps in the R&D process were adequately addressed\n                  to meet end user needs.\n\n                  Similarly, it was not clear to ADVISE program management that the system\n                  needed a privacy assessment. When the DHS Privacy Office began operations\n                  in 2003, it was comprised of only the Chief Privacy Officer and one support\n                  staff member, and did not have the resources or capacity to review all DHS IT\n                  projects for privacy impacts. Therefore, the office concentrated its privacy\n                  evaluation efforts on only those IT projects with completed business cases.\n                  Lacking a business case, the ADVISE R&D effort received little Privacy\n                  Office oversight and review. The responsibility for performing and\n                  documenting privacy impact assessments was not brought to the attention of\n                  ADVISE program managers in the early stages of the initiative.\n\n\n                     ADVISE Could Support Intelligence Analysis More Effectively\n\n                                               Page 8\n\x0cBusiness Case Not Prepared for ADVISE\n\n                         Office of Management and Budget (OMB) Circular A-11 requires that a\n                         federal agency, as part of its capital planning process, prepare a business case\n                         for each major IT project, system, or initiative. 5 Likewise, DHS\xe2\x80\x99 Guide to\n                         Information Technology Capital Planning and Investment Control, issued in\n                         May 2003, states that a program or project manager is responsible for\n                         completing project documentation, including a business case.\n\n                         A business case serves as the primary means of justifying an IT investment\n                         proposal, as well as managing the investment once it is funded. For example,\n                         a business case can serve as a management tool that helps an agency provide\n                         for oversight and periodic review of an IT asset to ensure that it delivers\n                         intended benefits and fulfills mission needs and user requirements. As\n                         program managers develop business cases, they can demonstrate that they\n                         have considered and addressed, among other things, the alignment of the\n                         project to customers\xe2\x80\x99 needs, alternative solutions, data requirements, and\n                         potential effects on privacy.\n\n                         S&T produced a variety of planning documents, including a concept of\n                         operations and system development and implementation plans. However,\n                         S&T did not develop a business case for ADVISE, which would have\n                         provided a more structured approach to justifying and supporting the IT\n                         investment. As previously stated, because S&T had not clearly adopted or\n                         communicated R&D processes and procedures at this phase in the\n                         directorate\xe2\x80\x99s evolution, program managers were unaware of the requirement to\n                         develop such documentation. S&T program managers were unaware of\n                         overarching guidance, such as DHS\xe2\x80\x99 Investment Review Process, which\n                         requires completion of business cases for IT projects, including R&D projects,\n                         that meet specific cost thresholds. 6 Although the ADVISE program\xe2\x80\x99s\n                         lifecycle cost of approximately $42 million through fiscal year 2007 met this\n                         threshold, S&T program managers proceeded without a business case and\n                         have made no plans to prepare one in the future.\n\nSystem Has Not Been Effectively Implemented to Meet Mission Requirements\n                         Inadequate R&D planning has resulted in problems with ADVISE pilot\n                         implementation. Specifically, S&T program managers did not conduct\n                         assessments to ensure that personal privacy issues were addressed effectively\n                         as part of systems implementation. Access to the data needed to demonstrate\n                         system capability and effectiveness in meeting mission needs was not\n                         adequately coordinated. Moreover, because ADVISE contained limited data\n\n5\n  OMB Circular No. A-11, Part 7, Planning, Budgeting, Acquisition, and Management of Capital Assets, July 2004,\namended June 2006.\n6\n  DHS Management Directive 1400, March 2003.\n                             ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                       Page 9\n\x0c                         and was complicated and time consuming to operate and maintain, few\n                         intelligence analysts were committed to using the system.\n\nKey Program Management Activities Not Performed\n\n                         Without a business case, key issues were not identified and addressed during\n                         ADVISE R&D. OMB guidance identifies specific key areas that should be\n                         addressed in developing business cases for proposed IT initiatives. 7 These\n                         areas include conducting privacy impact assessments; identifying the types of\n                         data needed for successful system operations; determining how the proposed\n                         technology will align with customers\xe2\x80\x99 needs; deciding how integrated product\n                         teams (IPT) will be used to plan, budget, procure, and manage the IT project;\n                         and, discussing how alternatives were considered before committing to the\n                         chosen IT solution. Figure 4 depicts the key areas not addressed during\n                         ADVISE R&D due to lack of a business case.\n\n                            Key Areas To Address Within                     Effect of Not Addressing Key\n                                  a Business Case                           Areas During ADVISE Effort\n                           Privacy Impacts                                 Privacy Not Addressed Timely\n\n                           Types of Data Needed for the System             Data Needs Not Determined\n\n                           IT Alignment to Customers\xe2\x80\x99 Needs                Customers\xe2\x80\x99 Needs Not Determined\n\n                           Integrated Project Teams (IPT)                  IPTs Not Used Effectively\n\n                           Alternative IT Solutions                        Alternative Solutions Not Evaluated\n\n                         Figure 4: Key Areas Not Addressed During ADVISE Effort\n\n                         Failure to address these issues during the R&D process limited the\n                         effectiveness of the ADVISE pilot program, as discussed below.\n\n                         Privacy Impacts Not Determined for ADVISE\n\n                         Section 208 of the E-Government Act of 2002 requires federal agencies to\n                         conduct a Privacy Impact Assessment (PIA) for each new or substantially\n                         changed IT system that collects, maintains, or disseminates personally\n                         identifiable information. Additionally, DHS\xe2\x80\x99 official guidance for PIAs,\n                         which was first issued in 2004 and updated in 2006, says that if a system is\n                         being designed to handle personal information, a PIA is required at the very\n                         earliest stage of a project or prior to commencement of a pilot test. 8\n\n7\n  OMB Circular No. A-11, Part 7, Section 300, Planning, Budgeting, Acquisition, and Management of Capital Assets,\nJuly 2004, amended June 2006.\n8\n  DHS Privacy Office, Privacy Impact Assessment Official Guidance, March 2006, previously Privacy Impact\nAssessments Made Simple, February 2004.\n                             ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                       Page 10\n\x0cPIAs have many benefits. Among other things they document what\ninformation is to be collected, the intended use of the information, with whom\nthe information will be shared, and how the information will be secured.\nConducting a PIA ensures that:\n\n\xe2\x80\xa2   Public citizens are aware of the information that an agency collects about\n    them;\n\xe2\x80\xa2   Any impacts that these systems have on personal privacy are adequately\n    addressed; and\n\xe2\x80\xa2   An agency collects only enough personal information to administer its\n    programs, and no more.\n\nFurther, a PIA confirms that an agency uses the information for the purpose\nintended, that the information remains timely and accurate, and that it is\nprotected by the agency and held only as long as needed.\n\nDespite the requirements for, and benefits of, addressing potential privacy\nimpacts early during system design, ADVISE program managers did not\nbegin this process until after the pilot programs were already operational.\nDHS privacy officials told S&T that no such action was required during the\ninitial stages of ADVISE development. Because S&T program managers did\nnot maintain regular contact with the Privacy Office during ADVISE R&D,\nthey did not obtain additional guidance on when to begin the privacy\ndocumentation process or who was responsible for completing it. S&T\nprogram managers were unaware of DHS\xe2\x80\x99 Investment Review Process that\nrequires that when a project is sponsored directly by S&T, as was ADVISE,\nthe S&T project team is responsible for meeting all investment management\nrequirements, including developing a business case and, in this context,\naddressing privacy issues. Not understanding this process, ADVISE program\nmanagers believed it was the responsibility of the individual DHS component\noffices, not S&T, to develop and submit privacy documentation because those\noffices owned the data that would be used by the system.\n\nFor its part, the DHS Privacy Office did not know that S&T had proceeded\nwith implementation of the ADVISE pilot programs with live data, but\nwithout addressing privacy matters. In a July 6, 2006, report to the Congress,\nthe Privacy Office stated that the ADVISE tool alone does not perform data\nmining. However, the report went on to state that implementation of this\nsystem with live data could be considered a data mining tool. Unbeknownst\nto the Privacy Office, the ADVISE pilots had been implemented at least 18\nmonths prior to its July 2006 report.\n\nGiven the lack of communication and coordination between S&T and the\nDHS Privacy Office, ADVISE program managers did not conduct the first\nstep in the privacy assessment process\xe2\x80\x94completing privacy threshold\n    ADVISE Could Support Intelligence Analysis More Effectively\n\n                             Page 11\n\x0canalyses (PTAs) to determine whether PIAs were necessary for each of the\nthree pilots\xe2\x80\x94until one to two years after the systems had been deployed.\nUpon reviewing the PTAs, the Privacy Office determined that each of the\nthree ADVISE pilot systems would require a PIA. Figure 5 illustrates the\ntime lapse between ADVISE implementation and submission of the initial\nPTAs and PIAs for the three pilot systems.\n\n                                ADVISE Pilot Implementations\n                                 and Privacy Assessments\n\n                     2004                     2005                      2006                   2007\n\n\n           System                                                                PTA\n           Operational                                                                  PIA\n                                      Biodefense Knowledge Management System\n           Timeline:\n                                                                           PTA\n                                                           All-WME                     PIA\n\n                                                                          PTA\n\n                                                              TVIS                     PIA\n\n\n\n                                                                                 System Use Shut Down\n                                                                                   Pending Results of\n Key                                                                                 Privacy Review\n Milestones:\n\n  PTA    = Privacy Threshold Analysis Submitted to DHS Privacy Office\n\n\n   PIA   = Privacy Impact Assessment Submitted to DHS Privacy Office\n\n\n\n\nFigure 5: ADVISE Implementations and Privacy Assessments\n\nAccording to the Privacy Office, S&T submitted the PTAs for the three\noperational ADVISE pilot systems in mid to late 2006. The actual submission\ndates of the PTAs and PIAs are shown in Figure 6.\n\n\n  ADVISE Implementations\n                                                          PTA Submission                          PIA Submission\n             and\n                                                               Date                                    Date\n Operational Start Timeframe\n BKMS                    Oct 2004                               11/06/2006                              03/07/2007\n\n All-WME                Dec 2004                               07/21/2006                               01/19/2007\n\n TVIS                    Jan 2005                              06/27/2006                               01/19/2007\n\nFigure 6: Key ADVISE System Operational and Privacy Dates\n\nFailure to properly address privacy issues prior to deploying the three pilots\nhad the ultimate effect of bringing the ADVISE program to a halt. In its\n    ADVISE Could Support Intelligence Analysis More Effectively\n\n                                       Page 12\n\x0c                        February 2007 report, GAO recommended that DHS immediately conduct\n                        ADVISE privacy impact assessments and implement privacy controls, as\n                        needed, to mitigate any identified risks. Subsequently, in March 2007, S&T\n                        shut down all of the ADVISE pilot programs until privacy impacts can be\n                        determined.\n\n                        Privacy considerations cannot be ignored in the context of data mining\n                        systems and activities. Maintaining the appropriate balance between the need\n                        to \xe2\x80\x9cconnect the dots\xe2\x80\x9d and the need to respect the privacy and other legal rights\n                        of U.S. citizens can be a difficult and time-consuming effort, but is a\n                        necessary one. Civil liberties organizations have challenged other data mining\n                        activities in the past; unaddressed privacy concerns pose similar challenges for\n                        the ADVISE program success. Recognizing the risks created by not\n                        addressing privacy issues in a timely manner, senior S&T management is now\n                        working with the Privacy Office to complete the required assessments and\n                        help get the program back on track.\n\n                        Limited Data Access\n\n                        OMB Circular A-130 directs that agencies, as part of their IT investments\n                        planning process, determine how data will be accessed and used to support\n                        proposed systems. 9 Similarly, OMB Circular A-11 directs agencies to\n                        consider the risks inherent in acquiring data from existing sources and\n                        converting it for use in implementing new IT systems.\n\n                        Despite these requirements, S&T did not address adequately data access\n                        issues prior to implementing TVIS, one of the three ADVISE pilots, intended\n                        for use by OI&A intelligence analysts who are the primary customer of\n                        ADVISE. S&T program planning documents indicate that the national\n                        laboratories, responsible for developing TVIS, identified the risks that a lack\n                        of available data could pose to the system\xe2\x80\x99s success. Specifically, TVIS was\n                        designed to identify connections across multiple databases with large\n                        quantities of data. To operate effectively, TVIS requires direct connection\n                        with source databases and depends on data being extracted and ingested\n                        routinely and automatically from these sources. The national laboratories\n                        identified approximately 50 internal DHS data sources and 100 external data\n                        sources that could support the system.\n\n                        However, S&T did not take sufficient action to ensure access to the data\n                        needed for TVIS pilot implementation. At the start of the program, S&T did\n                        not know who owned the data needed or how to get access to it. S&T also\n                        had no process in place for working through these issues. Assuming that\n                        OI&A already had easy access to large amounts of data and the processes in\n\n9\n Revision of OMB Circular No. A-130, Transmittal 4, Management of Federal Information Resources, November 28,\n2000.\n                            ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                     Page 13\n\x0cplace to facilitate obtaining such access, S&T relied on OI&A intelligence\nanalysts to provide the system data on an ad hoc basis. However, this\napproach was not effective. Although the OI&A analysts had access to\nconsiderable data via individual accounts, they lacked direct access to the\nsource databases. The OI&A analysts also did not have the position or\nauthority to coordinate the information sharing agreements necessary to\nensure data access on a continuing basis.\n\nNonetheless, the intelligence analysts provided the limited data that they had\nto support TVIS, but found that the amount of information was inadequate to\nmake ADVISE more useful than their existing analysis tools. Although TVIS\nplanning documents indicated a goal of having 15 data sources loaded into\nTVIS by 2007, as of March 2007, only seven data sets had been loaded\xe2\x80\x94\nmore than two years after TVIS was deployed. Further, these seven data sets\nthat were loaded were of limited size, and inadequate to demonstrate the broad\nanalytical capability of the system. Due to the lack of data to populate the\nsystem, the analysis provided through TVIS was no greater than results\nobtainable via other existing intelligence analysis tools. For example,\nAnalyst\xe2\x80\x99s Notebook, an off-the-shelf tool currently used, also provides\nanalysts with the ability to visually depict connections among people,\norganizations, and events. Figure 7 illustrates the extended amount of time\nrequired to access the limited data sets used to conduct the TVIS pilot.\n\n\n\n                 TVIS Deployment Challenges at OI&A\n   January                January                                   January\n 2004                    2005                2006                2007\n\n\n                                              Challenge\n              Hardware\n                                              Obtaining\n               Setup\n                                             Data Access\n  Hardware                 TVIS                                   Only Seven\n  Delivered              Operational                             Datasets Used\n\n\nFigure 7: TVIS Deployment Challenges at OI&A\n\nIn contrast to TVIS, the two other ADVISE pilot systems\xe2\x80\x94the Biodefense\nKnowledge Management System and All-WME\xe2\x80\x94had access to sufficient\ndata. The programs engaged in these pilots have been able to dedicate the\nstaff resources required to input data to the systems. Analysts that use these\npilot systems have found the analysis that they provide to be highly beneficial.\nFor example, All-WME analysts have used their pilot system to uncover\npreviously unknown connections between organized crime and terrorism.\nAdditionally, Biodefense Knowledge Management System users rely on their\npilot system to explore linkages among open source medical resources and\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                                Page 14\n\x0c                          documentation, and produce actionable biodefense information and\n                          assessments.\n\n                          System Usability Could be Improved\n\n                          OMB Circular A-11 directs agencies to reduce project risk by involving\n                          stakeholders in the design of IT assets. 10 When users are not involved in\n                          system development, it is difficult to ensure that the system will provide for\n                          their needed functions.\n\n                          Despite these requirements, S&T did not involve adequately users early in the\n                          design of TVIS\xe2\x80\x94the primary pilot system for demonstrating ADVISE\n                          capabilities. The initial requirement for TVIS was based on the high-level\n                          need identified after the September 11, 2001, terrorist attacks to enhance\n                          information sharing across federal, state, local, and private sector\n                          organizations. TVIS was conceived as an advanced analytical tool to help\n                          \xe2\x80\x9cconnect the dots\xe2\x80\x9d and synthesize vast amounts of information across multiple\n                          sources in ways not yet available in the commercial marketplace. As such,\n                          S&T set out to develop a large, powerful system, with far-reaching\n                          capabilities that, some components believed, exceeded the processing capacity\n                          needed. Consequently, TVIS performance metrics focused on technical\n                          functionality, such as the number of facts the system could process\n                          simultaneously, rather than on ease of use.\n\n                          S&T program managers said that they attempted to include OI&A analysts in\n                          TVIS development activities to obtain more specific user requirements. For\n                          example, at one point, S&T met with selected OI&A analysts to elicit their\n                          input and document user requirements. 11 However, the newness and\n                          uncertain mission of the DHS intelligence office at that time made it difficult\n                          to understand its business requirements. Further, the high turnover among\n                          intelligence analysts made it difficult to maintain relationships with the users\n                          long enough to understand sufficiently their functional and IT needs.\n\n                          Due to the challenges in working with OI&A analysts, S&T reached out to\n                          intelligence analysts at the national laboratories to obtain requirements input.\n                          However, by focusing on analysts at the labs, S&T compiled user\n                          requirements that did not consider the constraints and work environment at\n                          OI&A, the primary customer of ADVISE. Specifically, OI&A analysts\xe2\x80\x99 work\n                          tends to be short-term, tactical analysis, yielding immediate response. As\n                          such, OI&A analysts typically remain busy with daily workloads and have\n                          minimal time for other matters such as training and data input. In contrast,\n\n10\n   Circular No. A-11, Part 7, Planning Budgeting, Acquisition, and Management of Capital Assets, Executive Office of\nthe President, Office of Management and Budget, June 2006.\n11\n   S&T met with intelligence analysts of the former Information Analysis and Infrastructure Protection directorate, which\nno longer exists under the current DHS organization. Following the Secretary\xe2\x80\x99s 2005 Second Stage Review, former\nfunctions of the directorate were divided among OI&A, and Preparedness.\n                               ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                         Page 15\n\x0cintelligence analysts at the Biodefense Knowledge Center and All-WME tend\nto work on long-term, strategic intelligence problems that allow considerable\ntime to identify and acquire data sources and prepare data for analysis in the\nsystem. By focusing on the system functionality requirements of the national\nlab users in developing ADVISE, S&T did not address effectively its primary\nusers\xe2\x80\x99 requirements for ease of use and quick turnaround.\n\nFor example, OI&A analysts found that preparing data for processing in TVIS\nwas difficult and time consuming. Much of the information needed by OI&A\nanalysts is generally found in unstructured formats, such as text documents\nand email messages. However, TVIS was designed to easily process large\namounts of structured information, accessed directly from other systems or\ndatabases. TVIS cannot readily extract information from unstructured\nsources. Analysts must first review available documentation, manually tag the\nrelevant portions, and then input the information to the system\xe2\x80\x94a time\nconsuming and resource intensive activity. Analysts said they do not have\ntime to devote to such data preparation and input, but must rely on technical\nsupport staff to perform these tasks.\n\nBecause of data limitations and system complexity, OI&A intelligence\nanalysts never became committed, routine users of TVIS, even though the\npilot remained operational for more than two years. Further, S&T had\ndeveloped a goal of deploying TVIS to more than 100 OI&A analysts\xe2\x80\x99\ndesktops by summer 2007; however, only one or two analysts had access to\nTVIS at any given time while the system was operational at OI&A. Without\nwidespread use of TVIS, S&T was not able to demonstrate fully the pilot\nsystem\xe2\x80\x99s potential to synthesize and process large amounts of information\nfrom disparate data sources.\n\nLacking the capability that TVIS was intended to provide, analysts said they\ncannot accomplish their mission responsibilities effectively. Analysts\ncontinue to rely on previously existing systems, such as Analyst\xe2\x80\x99s Notebook,\nto support their intelligence activities; however, this tool does not provide the\ncapability needed to connect large quantities of information across multiple\ndatabases. As a result, analysts continue to waste time searching through\nindividual, unconnected data sets for related information. Analysts also lose\nvaluable time due to cumbersome processes to gain access to needed data.\nSpecifically, in the absence of interagency agreements for broad-based data\nsharing, OI&A intelligence analysts individually must submit written requests\nfor information that they need from other DHS component organizations.\nWith limited tools, analysts are concerned that they may miss the data\ninterrelationships necessary to help identify potential terrorist threats and\nactivities.\n\nTo address the department\xe2\x80\x99s data sharing issues, DHS Secretary Chertoff\nrecently issued a policy instructing component offices to review their\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 16\n\x0c                            procedures and ensure that they facilitate, rather than impede, the exchange of\n                            information with OI&A. 12 In the policy, the Secretary directed all DHS\n                            components to ensure that employees have access to all information pertinent\n                            to their responsibilities. The Secretary also emphasized that DHS must move\n                            to using standardized technology to describe, access, exchange, and manage\n                            information in its automated systems. To help carry out this direction, an\n                            Information Sharing and Collaboration Branch, recently established by OI&A,\n                            is working in conjunction with the DHS Chief Information Officer to catalog\n                            existing information sharing agreements that can be leveraged to support\n                            OI&A data sharing and exchange.\n\n                            Despite the challenges of loading data into ADVISE, recent tests have\n                            provided positive results regarding the system\xe2\x80\x99s user interface. Specifically,\n                            the Interagency Center for Applied Homeland Security Technology conducted\n                            an evaluation of ADVISE in early 2007 using simulated data preloaded into\n                            the system. The center provided various federal and state analysts with\n                            training prior to giving them tasks to perform using the system. When asked\n                            to evaluate the usability and utility of ADVISE, test participants generally\n                            gave the tool a good rating.\n\n                            Further, S&T program management has initiated efforts to address TVIS user-\n                            friendliness issues by developing simple tools with which to perform data\n                            searches in TVIS. For example, a pre-defined query has been developed to\n                            alert analysts of travel by suspected terrorists to the United States. The query\n                            uses specific criteria for assessing the timing and frequency of suspect\n                            attempts to cross the U.S. border. The national laboratories also are\n                            developing tailored knowledge products to facilitate use of ADVISE so that\n                            less training is required. For example, one tailored knowledge product allows\n                            analysts to query information on bio-weapons, such as anthrax, using a simple\n                            keyword search.\n\nDHS Components Have Not Committed to ADVISE\n                            S&T did not coordinate effectively with stakeholders to ensure their\n                            commitment to adopt ADVISE as a solution for their intelligence analysis\n                            activities. Specifically, S&T did not involve stakeholders in the IT selection\n                            process via IPTs. S&T also did not explore alternative solutions to meeting\n                            customer needs within their existing financial, infrastructure, and facility\n                            constraints. As a result, the component stakeholders are not convinced that\n                            they need ADVISE and have not agreed to accept ownership for the system\n                            after the pilot phase of the program has been completed.\n\n\n\n\n12\n     DHS Policy for Internal Information Exchange and Sharing, February 1, 2007.\n                                ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                         Page 17\n\x0cIneffective Communication and Coordination With Stakeholders\n\n                         Partnering with stakeholders is critical to securing end user commitment and\n                         ensuring the success of an IT investment. Conversely, limiting stakeholder\n                         involvement can lead to the development or acquisition of systems that might\n                         not meet user needs and ultimately might not be adopted for mission use.\n                         OMB Circular A-11 recommends the use of IPTs as one way to engage\n                         stakeholders in, and effectively guide, IT efforts. 13 An IPT is a multi-\n                         disciplinary team led by a program manager responsible and accountable for\n                         planning, budgeting, acquiring, and managing a project throughout its life\n                         cycle to ensure that it successfully achieves cost, schedule, and performance\n                         goals. Participants on an IPT might include senior leadership of user\n                         organizations, program managers, system developers, customer\n                         representatives, and acquisition officials. Working together, IPT participants\n                         can use a consensus approach to exploring needs, identifying possible\n                         solutions, and validating strategies for moving forward.\n\n                         In developing ADVISE, S&T did not take steps to ensure DHS component\n                         commitment by instituting IPTs or other methods for involving the\n                         components in the development process. As previously discussed, S&T built\n                         ADVISE from high-level system requirements and did not obtain an\n                         understanding of the privacy, data, and system usability concerns of the\n                         individual DHS components. The limited outreach that S&T did perform\n                         consisted of ad hoc meetings, demonstrations, and briefings on the technical\n                         capabilities of the system. As such, potential customers did not get a clear\n                         understanding of how ADVISE might benefit their individual organizations.\n                         Potential ADVISE customers also did not get a chance at the beginning stages\n                         of system design to discuss costs, consider constraints, and ensure that their\n                         specific user needs would be addressed.\n\n                         Without the opportunity to dialogue on such issues during the early phases of\n                         the program, potential customers are finding it difficult to fit this large,\n                         expensive system into their budgets. While estimates are not yet complete,\n                         initial projections indicate that purchasing and installing ADVISE will be at\n                         least $1 million, with yearly operations and maintenance costs of\n                         approximately $400,000. Although S&T paid for ADVISE operations and\n                         maintenance during the pilot phase of the program, it is expected that these\n                         costs will transfer to the DHS customers when they take ownership of the\n                         system. As of December 2006, S&T did not have an estimate of the costs that\n                         each potential ADVISE customer would incur to operate and maintain\n                         ADVISE after implementation. Nonetheless, a number of potential customers\n\n\n13\n  OMB Circular No. A-11, Part 7, Planning Budgeting, Acquisition, and Management of Capital Assets, Executive\nOffice of the President, Supplement, June 2006.\n\n                             ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                      Page 18\n\x0csaid they are already concerned about their ability to assume what they expect\nto be a significant financial burden.\n\nFor example, officials of Customs and Border Protection\xe2\x80\x99s Office of Strategic\nTrade initially expressed interest in ADVISE as a potential solution to their\nrequirement to view and process millions of pieces of trade data. Customs\nand Border Protection officials received a demonstration of ADVISE\ncapabilities and attended a training session at Livermore. However, after\nlearning the cost of ADVISE, these officials told S&T that the system was too\nexpensive and therefore would not be a good option for them. Similarly,\nImmigration and Customs Enforcement officials complained that there has not\nbeen any clear analysis of the support costs for ADVISE. For example, they\nasked how much it would cost to train their personnel to use the system, but\nS&T provided no response. Lacking such information, Immigration and\nCustoms Enforcement officials have been unable to make a decision about\nadopting the system.\n\nIn addition to issues related to system cost, some components expressed\nconcerns about their ability to house and maintain the system, given their\ninfrastructure limitations. ADVISE is a powerful system that operates using\nten to fifteen servers and other multiple processors. Once installed and\nrunning, the hardware requires considerable electrical power and generates a\nlarge amount of heat. Components were concerned that they would have to\nupdate their physical infrastructures to meet these power and cooling\nrequirements. Immigration and Customs Enforcement officials were fairly\ncertain that they do not have the capacity or facilities needed to support these\nneeds. As a result, these officials are exploring the possibility of using just the\nvisualization portion of ADVISE.\n\nRecently, in efforts to involve customers better and more consistently in its IT\nselection process, DHS has established ten IPTs covering major DHS\nfunctional areas, one of which is information sharing. The IPTs bring DHS\nleadership and user representatives into the IT acquisition process where they\ncan help identify capability gaps, offer technical solutions to fill these gaps,\nprovide a system end-user perspective in selecting IT solutions, and validate a\nplan for IT acquisition. The expected result of this IPT process is a prioritized\nlist of proposed S&T technology investments. The S&T Under Secretary has\ngiven DHS\xe2\x80\x99 Transition Office responsibility for coordinating IPT activities.\n\nIn early 2007, based on information gathered through this recently established\nIPT process and other communications with DHS components, S&T shifted\nits focus to building a smaller version of ADVISE that will cost much less\nthan the full-scale version. National laboratory officials agree that a scaled\ndown version of ADVISE can offer comparable capabilities, but will lack the\ncapacity to handle very large data sets. As a result, this smaller system may\n\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 19\n\x0c                    not be able to fulfill DHS\xe2\x80\x99 mandate to synthesize vast amounts of information\n                    across multiple sources.\n\nLack of Alternative Analysis\n\n                    IT project selection involves, among other things, a preliminary investigation\n                    of alternative solutions. Specifically, OMB Circular A-130 requires that\n                    agencies prepare, and update as necessary, a benefit-cost analysis for each\n                    information system, demonstrating consideration of alternatives and choosing\n                    the most cost-effective one.\n\n                    However, in addition to not assessing DHS\xe2\x80\x99 existing intelligence analysis\n                    systems, S&T did not examine commercially available products to determine\n                    whether or not they might meet users\xe2\x80\x99 needs. For example, even though the\n                    ADVISE pilot operated within OI&A for more than 2 years, office leadership\n                    did not understand how ADVISE compared with existing intelligence analysis\n                    technologies such as Analyst\xe2\x80\x99s Notebook, or other systems that could be\n                    purchased off-the-shelf. About a year ago, one OI&A official requested that\n                    S&T provide a comparison of ADVISE to other systems, as well as a\n                    projection of the corresponding system operations and maintenance costs. It\n                    was not until March 2007 that ADVISE program officials provided a response\n                    to this request, via a presentation of the system to OI&A leadership.\n                    However, OI&A leadership found the presentation to be too technical and\n                    remained unconvinced that ADVISE was unique or would be the right\n                    solution for OI&A.\n\n                    It was in the course of this presentation that OI&A became aware of a\n                    potentially viable off-the-shelf tool called \xe2\x80\x9cRiverglass,\xe2\x80\x9d which is currently\n                    being used successfully at the Illinois State Fusion Center to support\n                    intelligence analysis. Riverglass uses a \xe2\x80\x9cfederated\xe2\x80\x9d search capacity; that is,\n                    the data can be accessed by the system remotely. OI&A prefers this type of\n                    data access capability because the information does not have to be brought\n                    into a central location prior to system use. Also, because the system is\n                    commercially available, some users believe that it would be easier to maintain\n                    than a custom-built solution. OI&A expressed interest in Riverglass and\n                    requested that S&T test it as a potential candidate to meet its needs.\n\nComponents Have Not Agreed to Accept Ownership of ADVISE\n\n                    Because S&T did not adequately involve DHS stakeholders in the process to\n                    identify system needs, solutions, and program strategies, and also did not\n                    sufficiently evaluate technical alternatives, the components are not convinced\n                    that they need ADVISE and thus are not committed to the system. DHS\n                    component leaders also are not sure that the benefits of ADVISE outweigh the\n                    costs and have not agreed to accept ownership for the system after the pilot\n                    has been completed. Figure 8 shows the major DHS organizations at which\n                       ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                Page 20\n\x0c              S&T has either demonstrated or piloted ADVISE, along with their decisions\n              concerning adoption of the system or not.\n\n\n\n\n              Figure 8: ADVISE Customer Buy-in\n\n              Specifically, OI&A leadership have declined ADVISE, stating that for the\n              moment they will continue to use their existing tools until the appropriate off-\n              the-shelf solution can be determined and acquired. One OI&A official said\n              that even if ADVISE provided slightly better functionality than other off-the-\n              shelf systems, the preference would be to adopt an off-the-shelf solution that\n              is easy to maintain and operate versus a government-built solution like\n              ADVISE. Also, Customs and Border Protection, Office of Strategic Trade\n              officials declined the system, saying that ADVISE is too expensive to set up\n              and maintain. Lastly, Immigration and Customs Enforcement has declined\n              ADVISE, but has expressed interest in the visualization part of the system that\n              would allow them to view information better from within their existing\n              system. S&T program management have stated that without identifying a\n              customer to help pay for ADVISE operations and maintenance costs by 2008,\n              the ADVISE program will come to an end.\n\nRecommendations\n              To ensure effectiveness of the ADVISE program and the management of other\n              R&D efforts, we recommend that the Under Secretary for Science and\n              Technology:\n\n              1. Develop and document an R&D process for S&T and communicate this\n                 process to IT program management.\n              2. Ensure that business cases are developed for R&D efforts as a means of\n                 addressing critical program management activities.\n              3. Appoint an S&T privacy point of contact to act as a liaison with the DHS\n                 Privacy Office to help ensure that privacy issues are addressed in a timely\n                 manner.\n              4. Coordinate with OI&A management and the Information Sharing and\n                 Collaboration Branch to create a data requirements and access strategy\n                 that includes, at a minimum, defining and documenting the process to\n\n                  ADVISE Could Support Intelligence Analysis More Effectively\n\n                                           Page 21\n\x0c                  obtain access to internal DHS databases and information from external\n                  sources.\n               5. Define usability requirements and related performance measures to ensure\n                  that future data mining technology implementations are sufficiently user-\n                  friendly to enable DHS analysts to use them effectively.\n               6. Involve DHS stakeholders in the IT acquisition process to ensure the\n                  system will meet their needs.\n               7. Ensure program management conducts a comparative analysis of available\n                  tools to determine whether or not they meet customer needs and provide\n                  viable alternatives to ADVISE.\n\nManagement Comments and OIG Evaluation\n               We obtained written comments on a draft of this report from the Under\n               Secretary for Science and Technology. We have included a copy of the\n               comments in their entirety at Appendix B.\n\n               In the comments, the Under Secretary for Science and Technology disagreed\n               with many of the findings and recommendations from the report, stating that\n               there were several areas in the report that needed to be corrected in order to\n               provide an accurate picture of the ADVISE program. With the exception of\n               our fourth recommendation regarding coordination on information sharing\n               requirements, the Under Secretary neither concurred nor non-concurred with\n               our recommendations. The Under Secretary provided detailed comments and\n               supporting documentation directed at the overall findings of the report and\n               recommendations, as well as a list of specific comments to clarify statements\n               in the report believed to be inaccurate.\n\n               We have reviewed the Under Secretary\xe2\x80\x99s comments and made changes to the\n               report as appropriate. However, we disagree with several of the major issues\n               that the Under Secretary raised in the response to our draft report. The\n               following is our evaluation of the issues raised, grouped in line with our report\n               recommendations.\n\n               Documented R&D Process:\n\n               Regarding recommendation 1 that S&T develop, document, and communicate\n               an R&D process for IT program management, the Under Secretary stated that\n               the directorate\xe2\x80\x99s R&D programs follow a structured process and are reviewed\n               by multiple management forums, such as the S&T Requirements Council.\n               The Under Secretary also said that S&T\xe2\x80\x99s current IPT processes help satisfy\n               this recommendation. We are aware of the multiple councils and forums that\n               S&T has in place to manage R&D efforts; however, they do not provide a\n               clear R&D process for program managers to follow. We reviewed the\n               documents that the Under Secretary provided on the multiple councils and\n               forums, but found that they also do not address our recommendation that the\n                  ADVISE Could Support Intelligence Analysis More Effectively\n\n                                           Page 22\n\x0cdirectorate provide guidance on activities, such as conducting privacy\nassessments and developing business cases that need to be performed as part\nof R&D program management.\n\nBusiness Case:\n\nConcerning recommendation 2, we disagree with the Under Secretary\xe2\x80\x99s\ndetermination that ADVISE is not an IT system and therefore does not require\nan OMB Exhibit 300 business case. Specifically, OMB and department\nguidance do not exclude R&D projects such as ADVISE from the OMB\nExhibit 300 business case process. The DHS Guide to Information\nTechnology Capital Planning and Investment Control also holds program\nmanagers responsible for completing business cases. In addition, a recent\ndraft of DHS Management Directive 1400 specifically requires formal\nbusiness cases for R&D projects, such as ADVISE, that meet funding\nthresholds for Investment Review Process oversight.\n\nAs we state in our report, if S&T had developed a formal business case for the\nADVISE program as required, it would have been beneficial in addressing\ncertain key program management activities, such as aligning the effort with\ncustomer needs, identifying alternative technical solutions, and determining\ndata requirements and potential effects on privacy, which were overlooked.\nAs the Under Secretary suggests, using the Capstone IPT concept may assist\nin defining requirements and getting signed Technology Transfer Agreements\nin place and ensuring commitment to delivery of technologies to address\ncustomer needs. However, this IPT concept alone does not address the full\nintent of our recommendation.\n\nPrivacy:\n\nIn response to recommendation 3, the Under Secretary stated that privacy law\nand DHS Privacy Office guidance on assessing privacy impacts do not apply\nto ADVISE for a number of reasons. First, the Under Secretary asserted that\nADVISE is a tool set and thus not a system, requiring such privacy\nassessments. However, we do not direct our recommendation at conducting\nprivacy assessments on a technical tool. Rather, we recommend completing\nprivacy assessments for implementation of the holistic ADVISE solution\nwhich, as piloted, has involved the use of personally identifiable data that\nmust be protected. ADVISE program managers did not begin the privacy\nassessment process until well after the pilot programs were already using\npersonally identifiable information; this effort is still in process.\nConsequently, our report recommends that S&T appoint a privacy point of\ncontact to act as a liaison with the DHS Privacy Office to help ensure that the\nprivacy assessments are completed and that related issues are addressed in a\ntimely manner.\n\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 23\n\x0c                        Second, the Under Secretary misinterprets our use of the term \xe2\x80\x9coperational\xe2\x80\x9d to\n                        describe the ADVISE pilots. With the term \xe2\x80\x9coperational pilot,\xe2\x80\x9d we simply are\n                        restating ADVISE program officials\xe2\x80\x99 description of the pilots, recognizing\n                        that they were conducted using live data. Indeed, during our audit, we found\n                        that several ADVISE pilots were conducted with personally-identifiable\n                        information prior to S&T having completed privacy assessments as required.\n                        Further, the Under Secretary states that the data was only used in the ADVISE\n                        pilots for a short period of time and was never used in an operational mode for\n                        decision-making. However, our audit work shows that the data was used in\n                        pilot systems for one to two years. Additionally, on at least one occasion, the\n                        data was used to produce classified intelligence information.\n\n                        Third, the Under Secretary interprets our report as stating that ADVISE\n                        program managers neither conducted the appropriate privacy assessments and\n                        analysis, nor prepared related documentation. We do not say that program\n                        managers did not undertake this responsibility. Rather, our report states that\n                        S&T\xe2\x80\x99s failure to properly address privacy issues in a timely manner prior to\n                        deploying the three ADVISE pilots had the ultimate effect of bringing the\n                        program to a halt. The additional information that the Under Secretary\n                        provides on time frames for conducting the pilots provides no new insights\n                        and further substantiates our findings. Specifically, the time frames do not\n                        differ greatly from the dates that the DHS Privacy Office provided, which we\n                        outlined in our report.\n\n                        Fourth, the Under Secretary suggested that we change the name of the Bio\n                        Defense Knowledge Center pilot that we discuss in our report. We disagree.\n                        Our discussion refers to an ADVISE pilot conducted at the Bio Defense\n                        Knowledge Center since 2004, not to any additional pilot projected for later in\n                        2007. A copy of documentation that DHS provided to congressional staff\n                        shows that the pilot was operational beginning in 2004. 14 Further, during our\n                        visit to the center, we also received a demonstration of the pilot, showing that\n                        it was underway and contained personally identifiable information.\n\n                        Lastly, we closed our recommendation on privacy coordination, given the\n                        Under Secretary\xe2\x80\x99s statement that an S&T liaison to the DHS Privacy Office\n                        was appointed recently.\n\n                        Data Access:\n\n                        The Under Secretary stated that S&T is not directly responsible for data\n                        access at OI&A. We agree with this assertion. However, as we state in our\n                        report, without first determining what data was needed and how it would be\n                        accessed, OI&A analysts had no effective means of evaluating the utility of\n\n14\n  Threat Awareness Portfolio, FY 2007 TAP Budget, DHS Briefing to Homeland Security Appropriations Subcommittee\nStaff, April 21, 2006.\n                            ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                     Page 24\n\x0cthe system during the pilot phase. For example, OI&A analysts and ADVISE\nprogram officials that we interviewed indicated that limited data access posed\nsignificant challenges to testing and evaluating TVIS.\n\nThe Under Secretary concurred with our recommendation that S&T\ncoordinate with OI&A to create data requirements and an access strategy.\nHowever, because this was not done early on, S&T did not fully understand\nuser requirements for an automated means of easily processing and analyzing\nlarge amounts of unstructured data. Although the Under Secretary stated that\nextracting facts and relationships from unstructured text accurately is very\ndifficult and time consuming, this is precisely what ADVISE must do to\naddress the needs of the intelligence analyst user community. Without such\nutility, analysts find limited value in using ADVISE and continue to rely upon\ntheir existing systems instead.\n\nFurther, although the Under Secretary stated that the timeline for TVIS is\nincorrect, he does not specify what revisions are needed. As depicted, our\ntimeline reflects documentation that Pacific Northwest National Laboratory\nprovided to us that TVIS went \xe2\x80\x9con-line January 2005.\xe2\x80\x9d\n\nUsability and Performance Measures:\n\nIn response to recommendation 5, the Under Secretary disagreed with our\nassessment of ADVISE usability, and provided additional information on\nusability tests conducted at the Interagency Center for Applied Homeland\nSecurity Technology using pre-loaded data and involving analysts from\nvarious backgrounds. We updated our report with the results of this test,\nwhich was completed after our audit fieldwork had ended. However, in his\nresponse to the recommendation, the Under Secretary misinterprets the\nmessage of our report, which addressed whether or not analysts at OI&A\nfound the pilot system, broadly speaking, useable when applied to their\nspecific intelligence work and not the usability of the ADVISE user interface\nalone. As we stated in the report, OI&A analysts indicated that preparing data\nfor ADVISE processing was difficult and time consuming, which led to\nlimited use of the system.\n\nThe Under Secretary neither concurred nor non-concurred with our\nrecommendation to define usability requirements and related performance\nmetrics to ensure that future data mining efforts will be sufficiently user\nfriendly to support analysts. Instead, the Under Secretary discussed the goals\nof the new IPT process, which include developing capability gaps, identifying\nrelated performance measures, defining usability, and incorporating that\ndefinition into program plans. We believe the IPT process is an effective step\ntoward addressing our recommendation and look forward to receiving\nadditional information on the results of IPT efforts.\n\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 25\n\x0cStakeholder Involvement:\n\nIn response to recommendation 6, the Under Secretary said that S&T\neffectively communicated and coordinated with OI&A system users during\npilot activities. We agree that S&T provided OI&A analysts with on-site\nsupport and training; however, we determined that communication with\nleadership regarding the ADVISE acquisition was lacking. For example, as\nwe stated in our report, S&T did not coordinate effectively with senior OI&A\nexecutives to ensure their commitment to adopting ADVISE as a solution for\ntheir intelligence analysis needs.\n\nThe Under Secretary disagreed with our statement in the report that OI&A had\ndeclined to be an ADVISE customer. The Under Secretary questioned how we\nhad made this determination, asserting that OI&A has not made a decision yet\non acquiring ADVISE. S&T provided us with a copy of an email in an\nattempt to disprove our statement. However, we were unable to rely on it for\nsupport as sender and recipient information on the document had been\nredacted. As such, we stand by our determination. During our audit\nfieldwork, the senior OI&A decision maker told us specifically that, given the\nprivacy and data mining concerns about ADVISE, as well as the availability\nof off-the-shelf alternatives, the component likely would not pay to acquire\nthe system. This official said that OI&A would continue to use existing tools\nuntil an appropriate IT solution could be identified and acquired.\n\nAdditionally, the Under Secretary did not concur or non-concur with our\nrecommendation to involve DHS stakeholders in the IT acquisition process as\na means of ensuring that the system will meet their needs. The Under\nSecretary countered that S&T does not perform IT acquisitions because that is\na function of the DHS CIO. Nonetheless, S&T\xe2\x80\x99s recent introduction of the\nIPT process, involving stakeholders at all levels, is a step in the right direction\nand may help in involving leadership and gaining their commitment to R&D\nefforts.\n\nComparative Analysis:\n\nThe Under Secretary did not concur or non-concur with our recommendation\n7 that a comparative analysis of available tools be conducted to determine if\nthe current tools meet customer\xe2\x80\x99s needs and provide viable alternatives. The\nUnder Secretary countered this recommendation by stating that S&T has\nalready conducted an alternatives analysis. We agree. ADVISE program staff\nbriefed senior OI&A Management on a comparative analysis of the tools on\nMarch 15, 2007. However, S&T conducted this analysis two years after the\nsystem had already been piloted. Further, as we state in our report, S&T\xe2\x80\x99s\npresentation to OI&A leadership on the results of this analysis was too\ntechnical and did not convince the leadership that ADVISE was unique and\nthe right solution in comparison with other potential off-the-shelf tools.\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 26\n\x0cThe Under Secretary incorrectly interprets our report as stating that ADVISE\nwill replace Analyst\xe2\x80\x99s Notebook. Rather, our report states that Analyst\xe2\x80\x99s\nNotebook, similar to ADVISE, provides analysts with the ability to depict\nconnections between people and organizations. With this statement, we\ncompare the tools, but do not suggest that ADVISE will replace Analyst\xe2\x80\x99s\nNotebook.\n\nOther Topics of Concern:\n\nAs part of his response, the Under Secretary provided a table of detailed\ncomments cross-referenced to specific pages of our report. We reviewed the\ncomments and made changes to our report as appropriate. Many of the\ncomments related to our report recommendations, which we have addressed\nabove.\n\nHowever, the Under Secretary provided an additional comment that our report\nimplicitly compares the defunct Total Information Awareness (TIA) system to\nADVISE. Rather, we mentioned TIA as part of the background discussion of\nthe report to illustrate the challenge of balancing privacy assurance with data\nmining processes. We do not specifically compare ADVISE with TIA.\n\nThe Under Secretary also stated that our report should address GAO\xe2\x80\x99s\nrecommendation that S&T conduct a privacy assessment on the ADVISE\nsystem alone, even prior to entering data into the system. However, our report\ndoes not make this recommendation; as such, it is not appropriate for us to\naddress this issue. Nonetheless, as we indicated in our report, privacy should\nhave been assessed in a timely fashion for each ADVISE pilot.\n\n\n\n\n   ADVISE Could Support Intelligence Analysis More Effectively\n\n                            Page 27\n\x0cAppendix A\nScope and Methodology\n\n\n                  As background for this audit, we researched and reviewed IT laws,\n                  regulations, and other federal guidance applicable to DHS\xe2\x80\x99 responsibility for\n                  data mining to determine terrorist activity. We reviewed prior GAO and DHS\n                  OIG reports related to data mining. We searched the Internet to obtain\n                  testimony, reports, documents, and news articles regarding DHS\xe2\x80\x99 data mining\n                  approach and the use of data mining systems. Additionally, we coordinated\n                  with GAO to ensure that an audit it was conducting did not overlap with our\n                  audit objectives. Using this information, we designed a data collection\n                  approach that consisted of focused interviews and documentation analysis.\n                  We developed a series of questions and discussion topics to facilitate our\n                  interviews.\n\n                  We interviewed DHS officials and staff at S&T and OI&A to obtain an\n                  understanding of DHS\xe2\x80\x99 approach to using data mining for determining\n                  potential terrorist activity. These officials discussed their roles,\n                  responsibilities, and activities related to planning, developing, testing, and\n                  implementing ADVISE. We collected and reviewed numerous documents\n                  from DHS officials about their plans and current initiatives for ADVISE.\n\n                  Further, we visited various technical facilities to gain an understanding of\n                  their operations and involvement in development, testing, and deployment of\n                  ADVISE. We also met with potential customers of the system to learn about\n                  their experiences with S&T program and project management throughout the\n                  system development and transition process. Specifically, we visited:\n\n                        \xe2\x80\xa2   The Interagency Center for Applied Homeland Security Technologies,\n                            a state-of-the art independent testing facility, operated by Johns\n                            Hopkins University in Laurel, MD. The Center plays an instrumental\n                            role in testing and evaluating the ADVISE system using fabricated\n                            synthetic data. The Center\xe2\x80\x99s officials provided their perspectives on\n                            ADVISE program management, communications, and training.\n\n                        \xe2\x80\xa2   The Lawrence Livermore National Laboratory in Livermore, CA, and\n                            Pacific Northwest National Laboratory in Richland, WA, to\n                            understand ADVISE requirements definition and development, and to\n                            observe system operations using real data. While at Livermore, we\n                            visited the Biodefense Knowledge Center and the All-WME at\n                            Livermore to understand how ADVISE is used to contain bio-\n                            terrorism and terrorism using weapons of mass effect. We interviewed\n                            contractor personnel there, focusing on implementation of ADVISE, as\n                            well as business processes, communication and coordination with\n                            DHS, and systems training. Where possible, we obtained reports and\n                            other materials to support the comments and information they\n                            provided during the interviews.\n\n                        ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                 Page 28\n\x0cAppendix A\nScope and Methodology\n\n\n                        \xe2\x80\xa2   Immigration and Customs Enforcement, Customs and Border\n                            Protection, and the Office of Intelligence and Analysis to gather their\n                            feedback on interaction with S&T and any system implementation\n                            challenges.\n\n                  We limited our review of the privacy implications of ADVISE to those\n                  aspects not covered in the GAO\xe2\x80\x99s review of ADVISE, particularly OI&A.\n\n                  We conducted our audit from October 2006 through March 2007. We\n                  performed our work pursuant to the Inspector General Act of 1978, as\n                  amended, and according to generally accepted government auditing standards.\n\n                  The principal OIG points of contact for the audit are Frank Deffer, Assistant\n                  Inspector General for Information Technology Audits, and Sondra McCauley,\n                  Director, Information Management. Major contributors to the audit are\n                  identified in Appendix C.\n\n\n\n\n                        ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                 Page 29\n\x0cAppendix B\nManagement Comments to the Draft Report\n\n\n\n\n                     ADVISE Could Support Intelligence Analysis More Effectively\n\n                                              Page 30\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 31\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 32\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 33\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 34\n\x0cNow on\nPage 16\n\n\n\n\nNow on\nPage 13\n\n\n\n\n          ADVISE Could Support Intelligence Analysis More Effectively\n\n                                   Page 35\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 36\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 37\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 38\n\x0cNow on\nPage 6\n\n\n\n\n         ADVISE Could Support Intelligence Analysis More Effectively\n\n                                  Page 39\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 40\n\x0cNow on\nPage 12\n\n\n\n\n          ADVISE Could Support Intelligence Analysis More Effectively\n\n                                   Page 41\n\x0cNow on\nPage 15\n\nNow on\nPage 15\n\nNow on\nPage 17\n\n\n\n\n          ADVISE Could Support Intelligence Analysis More Effectively\n\n                                   Page 42\n\x0cNow on\nPage 19\n\n\n\n\n          ADVISE Could Support Intelligence Analysis More Effectively\n\n                                   Page 43\n\x0cADVISE Could Support Intelligence Analysis More Effectively\n\n                         Page 44\n\x0cAppendix C\nMajor Contributors to this Report\n\n\n\n                    Information Management Division\n\n                    Sondra McCauley, Director\n                    Richard Harsche, Audit Manager\n                    Steve Staats, Auditor\n                    Shannon E. Frenyea, Auditor\n                    Anthony Nicholson, Referencer\n\n\n\n\n                       ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                Page 45\n\x0cAppendix D\nReport Distribution\n\n\n                      Department of Homeland Security\n\n                      Secretary\n                      Deputy Secretary\n                      Chief of Staff\n                      Deputy Chief of Staff\n                      General Counsel\n                      Executive Secretariat\n                      Assistant Secretary for Policy\n                      Assistant Secretary for Public Affairs\n                      Assistant Secretary for Legislative and Intergovernmental Affairs\n                      DHS OIG Liaison\n                      DHS Chief Information Officer\n                      DHS Deputy Chief Information Officer\n                      Directorate for Science and Technology Audit Liaison\n                      Assistant Secretary, Office of Intelligence and Analysis\n                      Office of Intelligence and Analysis Chief Information Officer\n                      Director, GAO/OIG Liaison Office\n                      Under Secretary, Science and Technology\n                      Under Secretary, Office of Intelligence and Analysis\n\n\n                      Office of Management and Budget\n\n                      Chief, Homeland Security Branch\n                      DHS OIG Budget Examiner\n\n                      Congress\n\n                      Congressional Oversight and Appropriations Committees, as appropriate\n\n\n\n\n                         ADVISE Could Support Intelligence Analysis More Effectively\n\n                                                  Page 46\n\x0cAppendix C\nMajor Contributors to this Report\n\n\n\n\n Additional Information and Copies\n\n To obtain additional copies of this report, call the Office of Inspector General (OIG) at\n (202) 254-4199, fax your request to (202) 254-4305, or visit the OIG web site at\n www.dhs.gov/oig.\n\n\n OIG Hotline\n\n To report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal\n or noncriminal misconduct relative to department programs or operations:\n\n     \xe2\x80\xa2   Call our Hotline at 1-800-323-8603;\n     \xe2\x80\xa2   Fax the complaint directly to us at (202) 254-4292;\n     \xe2\x80\xa2   Email us at DHSOIGHOTLINE@dhs.gov; or\n     \xe2\x80\xa2   Write to use at:\n           DHS Office of Inspector General/MAIL STOP 2600, Attention:\n           Office of Investigations - Hotline, 245 Murray Drive, SW, Building 410,\n           Washington, DC 20528,\n\n The OIG seeks to protect the identity of each writer and caller.\n\x0c'